Report Spoof E-mail as “Phishing mail”

I try to get additional information regarding the subject of “what happens behind the scenes” when using the option of – reporting E-mail message as phishing in Office 365 environment but, I could not find information about the exact process that implemented.

Despite this lack of information, in a scenario of phishing E-mail message, the best practice is to use the option of “reporting”.

Send the Spoof E-mail for further analysis

In a scenario in which we want to forward the “Spoof E-mail message” to a technical person or team, that will be able to analyze the E-mail message, the most common mistake is to copy and paste the content of the “Spoof E-mail message” or send a screenshot to the technical person that will need to analyze the information.

In such a scenario, there are two important issues that we need to know about:

Send the “Spoof E-mail message” as a mail item – the meaning is that we need to have all the data that include in the “Spoof E-mail message”, the content, the email headers and so on.

When sending an E-mail as an attachment, there is a reasonable chance that the destination mail servers which “accept” the E-mail will change \update some fields in the E-mail header.

For this reason, when we sent an email message for further analysis, it’s important to “zip” the E-mail message.

Report a Spoof E-mail as “Phishing mail” in Office 365

At the current time, to the option of reporting about a Spoof E-mail or a “Phishing mail” is available for Office 365 customers and only one using the OWA mail client.

Technically speaking, the Spoof E-mail” is different from the formal definition of Phishing mail, but for our purpose, we will not go into a detailed description and relate to Spoof E-mail as a Phishing mail.

The process of reporting a particular E-mail as a “Spoof E-mail” is very simple.

All you need to do is to select the appropriate E-mail message, click on the small black arrow
on the not junk menu

Dealing with spoof E-mail – Office 365 | Article series index

In the current article, we will review two subjects that relate to a scenario in which organization experiences a Spoof E-mail attack:
Report the Spoof E-mail as “Phishing mail”.
Sent the Spoof E-mail for further analysis.